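/**
 * Render the maintenance menu: one link to drop the old databases, one link
 * to drop the old tables and, on the portal whose access URL id is 1, a line
 * reporting the disk space used by the installation.
 *
 * Both links carry the same security token as a query parameter.
 * NOTE(review): the drop actions are reached through GET links, so the token
 * can end up in browser history, proxy logs and Referer headers. A POST form
 * with the token in a hidden field keeps it out of URLs. The handler for
 * these actions is outside this block and must verify the token.
 *
 * @return void The HTML is echoed.
 */
function display_default()
{
    // The configuration array was read below without being imported into the
    // method scope, so the disk limit always came out empty.
    global $_configuration;

    $message = get_lang('RemoveOldDatabaseMessage');
    $message_table = get_lang('RemoveOldTables');
    $message_table .= "<br />" . implode(' , ', self::get_tables_to_delete());

    $token = Security::get_token();
    $url = $this->url(array(self::PARAM_ACTION => 'drop_old_databases', self::PARAM_SECURITY_TOKEN => $token));
    $url_table = $this->url(array(self::PARAM_ACTION => 'drop_old_tables', self::PARAM_SECURITY_TOKEN => $token));
    $go = get_lang('Go');

    $access_url_id = api_get_current_access_url_id();
    $message2 = '';
    if ($access_url_id === 1) {
        if (api_is_windows_os()) {
            $message2 .= get_lang('SpaceUsedOnSystemCannotBeMeasuredOnWindows');
        } else {
            $dir = api_get_path(SYS_PATH);
            // Quote the path: it is handed to a shell, and a space or shell
            // metacharacter in the install path must not alter the command.
            $output = array();
            $status = 0;
            $du = exec('du -sh ' . escapeshellarg($dir), $output, $status);
            // du prints "<size>\t<path>"; keep the size only, and nothing
            // at all when the command failed.
            $parts = explode("\t", (string) $du);
            $size = $status === 0 ? $parts[0] : '';
            // The limit was looked up with $url (the drop-databases link) as
            // the key. NOTE(review): assumes limits are keyed by access URL
            // id in $_configuration - confirm against the configuration file.
            $limit = isset($_configuration[$access_url_id]['hosting_limit_disk_space'])
                ? $_configuration[$access_url_id]['hosting_limit_disk_space']
                : '';
            $message2 .= sprintf(get_lang('TotalSpaceUsedByPortalXLimitIsYMB'), $size, $limit);
        }
    }
    if (!empty($message2)) {
        $message2 = '<li>' . $message2 . '</li>';
    }

    // The href values were emitted unquoted; quote them and encode them for
    // the attribute context (without double-encoding existing entities).
    $url_attr = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
    $url_table_attr = htmlspecialchars($url_table, ENT_QUOTES, 'UTF-8', false);

    echo <<<EOT
<ul>
    <li>
        <div>{$message}</div>
        <a class="btn" href="{$url_attr}">{$go}</a>
    </li>
    <li>
        <div>{$message_table}</div>
        <a class="btn" href="{$url_table_attr}">{$go}</a>
    </li>
    {$message2}
</ul>
EOT;
}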
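/**
 * Display list of courses in a category.
 * (for anonymous users)
 *
 * Reads the category code from $_GET['category'], lists its sub-categories
 * and its courses, and returns the resulting HTML. When the
 * 'show_closed_courses' setting is off, only courses open to the world (and,
 * for identified users, open to the platform) are listed.
 *
 * Output handling: category and course labels go through
 * Security::remove_XSS(), values placed in query strings are URL-encoded and
 * the course code placed in the hidden form field is attribute-encoded.
 *
 * @version 1.1
 * @author Patrick Cool <*****@*****.**>, Ghent University - refactoring and code cleaning
 * @author Julio Montoya <*****@*****.**>, Beeznest template modifs
 * @assert () !== 0
 *
 * @return string HTML of the category list and the course list
 */
public function return_courses_in_categories()
{
    $result = '';
    $stok = Security::get_token();

    // Initialization.
    $user_identified = api_get_user_id() > 0 && !api_is_anonymous();
    $web_course_path = api_get_path(WEB_COURSE_PATH);

    // Read the request value once; a missing or non-string parameter is
    // treated as "no category" instead of raising a notice.
    $raw_category = isset($_GET['category']) && is_string($_GET['category']) ? $_GET['category'] : '';
    // SQL-escaped copy: the only form that may be placed inside the queries.
    $category = Database::escape_string($raw_category);
    $setting_show_also_closed_courses = api_get_setting('show_closed_courses') == 'true';

    // Database table definitions.
    $main_course_table = Database::get_main_table(TABLE_MAIN_COURSE);
    $main_category_table = Database::get_main_table(TABLE_MAIN_CATEGORY);

    // Multi-URL portals only show what belongs to the current access URL.
    $url_access_id = -1;
    $tbl_url_rel_course = '';
    if (api_is_multiple_url_enabled()) {
        // Cast: the id is interpolated unquoted into the queries below.
        $url_access_id = (int) api_get_current_access_url_id();
        $tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
    }
    $restrict_to_url = $url_access_id != -1;

    // Get list of courses in category $category.
    if ($restrict_to_url) {
        $sql_get_course_list = "SELECT * FROM {$main_course_table} as course INNER JOIN {$tbl_url_rel_course} as url_rel_course\n ON (url_rel_course.c_id = course.id)\n WHERE access_url_id = {$url_access_id} AND category_code = '{$category}' ORDER BY title, UPPER(visual_code)";
    } else {
        $sql_get_course_list = "SELECT * FROM {$main_course_table} cours\n WHERE category_code = '{$category}'\n ORDER BY title, UPPER(visual_code)";
    }

    // Removed: AND cours.visibility='".COURSE_VISIBILITY_OPEN_WORLD."'
    $sql_result_courses = Database::query($sql_get_course_list);
    $course_list = array();
    while ($course_result = Database::fetch_array($sql_result_courses)) {
        $course_list[] = $course_result;
    }

    // Visibility filter used when counting the courses of each sub-category.
    if ($setting_show_also_closed_courses) {
        $platform_visible_courses = '';
    } elseif ($user_identified) {
        $platform_visible_courses = " AND (t3.visibility='" . COURSE_VISIBILITY_OPEN_WORLD . "' OR t3.visibility='" . COURSE_VISIBILITY_OPEN_PLATFORM . "' )";
    } else {
        $platform_visible_courses = " AND (t3.visibility='" . COURSE_VISIBILITY_OPEN_WORLD . "' )";
    }

    $parent_filter = empty($category) ? "IS NULL" : "='{$category}'";
    if ($restrict_to_url) {
        // Showing only the category of courses of the current access_url_id.
        $sqlGetSubCatList = "\n SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse\n FROM {$main_category_table} t1\n LEFT JOIN {$main_category_table} t2 ON t1.code=t2.parent_id\n LEFT JOIN {$main_course_table} t3 ON (t3.category_code=t1.code {$platform_visible_courses})\n INNER JOIN {$tbl_url_rel_course} as url_rel_course\n ON (url_rel_course.c_id = t3.id)\n WHERE access_url_id = {$url_access_id} AND t1.parent_id " . $parent_filter . "\n GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name";
    } else {
        $sqlGetSubCatList = "\n SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse\n FROM {$main_category_table} t1\n LEFT JOIN {$main_category_table} t2 ON t1.code=t2.parent_id\n LEFT JOIN {$main_course_table} t3 ON (t3.category_code=t1.code {$platform_visible_courses})\n WHERE t1.parent_id " . $parent_filter . "\n GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name";
    }

    $resCats = Database::query($sqlGetSubCatList);
    $thereIsSubCat = false;
    // Initialised here: both were appended to below even when the query
    // returned no row or no row matched the current category.
    $htmlTitre = '';
    $htmlListCat = '';
    $show_back_link_on_top = api_get_setting('show_back_link_on_top_of_tree') == 'true';

    if (Database::num_rows($resCats) > 0) {
        $htmlListCat = Display::page_header(get_lang('CatList'));
        $htmlListCat .= '<ul>';
        while ($catLine = Database::fetch_array($resCats)) {
            $cat_name = Security::remove_XSS($catLine['name']);
            if ($catLine['code'] != $category) {
                $cat_link = '<a href="' . api_get_self() . '?category=' . urlencode((string) $catLine['code']) . '">' . $cat_name . '</a>';
                $category_has_open_courses = $this->category_has_open_courses($catLine['code']);
                if ($category_has_open_courses) {
                    // The category contains courses accessible to anonymous visitors.
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $cat_link;
                    if (api_get_setting('show_number_of_courses') == 'true') {
                        $htmlListCat .= ' (' . (int) $catLine['nbCourse'] . ' ' . get_lang('Courses') . ')';
                    }
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                } elseif ($catLine['children_count'] > 0) {
                    // The category has children, subcategories.
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $cat_link;
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                } elseif (api_get_setting('show_empty_course_categories') == 'true') {
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $cat_name;
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                }
                // Else don't set thereIsSubCat to true to avoid printing things if not requested.
            } else {
                $htmlTitre = '<p>';
                if ($show_back_link_on_top) {
                    $htmlTitre .= '<a href="' . api_get_self() . '"><< ' . get_lang('BackToHomePage') . '</a>';
                }
                // Parentheses spell out the precedence the condition already had.
                if (!is_null($catLine['parent_id']) || (!$show_back_link_on_top && !is_null($catLine['code']))) {
                    $htmlTitre .= '<a href="' . api_get_self() . '?category=' . urlencode((string) $catLine['parent_id']) . '"><< ' . get_lang('Up') . '</a>';
                }
                $htmlTitre .= "</p>";
                if ($category != "" && !is_null($catLine['code'])) {
                    $htmlTitre .= '<h3>' . $cat_name . "</h3>";
                } else {
                    $htmlTitre .= '<h3>' . get_lang('Categories') . "</h3>";
                }
            }
        }
        $htmlListCat .= "</ul>";
    }
    $result .= $htmlTitre;
    if ($thereIsSubCat) {
        $result .= $htmlListCat;
    }
    // A second fetch loop over $resCats used to follow here; the result set
    // is already exhausted by the loop above, so it never produced output.

    $numrows = Database::num_rows($sql_result_courses);
    $courses_list_string = '';
    $courses_shown = 0;
    if ($numrows > 0) {
        $courses_list_string .= Display::page_header(get_lang('CourseList'));
        $courses_list_string .= "<ul>";

        // Always an array, so the membership tests below cannot hit an
        // undefined variable for visitors without a user id.
        $courses_of_user = array();
        if (api_get_user_id()) {
            $courses_of_user = $this->get_courses_of_user(api_get_user_id());
        }

        // Loop-invariant display settings.
        $show_code = api_get_setting('display_coursecode_in_courselist') == 'true';
        $show_teacher = api_get_setting('display_teacher_in_courselist') == 'true';
        $show_language = api_get_setting('show_different_course_language') == 'true';
        $platform_language = api_get_setting('platformLanguage');

        foreach ($course_list as $course) {
            // Secondary line: code - teacher - language (the language was
            // appended twice in the "closed courses" branch).
            $course_details = array();
            if ($show_code) {
                $course_details[] = $course['visual_code'];
            }
            if ($show_teacher) {
                $course_details[] = $course['tutor_name'];
            }
            if ($show_language && $course['course_language'] != $platform_language) {
                $course_details[] = $course['course_language'];
            }
            $details_html = Security::remove_XSS(implode(' - ', $course_details));
            $title_html = Security::remove_XSS($course['title']);
            $course_href = $web_course_path . $course['directory'] . '/';

            $open_world = $course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD;
            $open_platform = $user_identified && $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM;

            if (!$setting_show_also_closed_courses) {
                // If we do not show the closed courses we only show the
                // courses that are open to the world (to everybody) and the
                // courses that are open to the platform (if the current user
                // is a registered user).
                if ($open_platform || $open_world) {
                    $courses_shown++;
                    $courses_list_string .= "<li>\n";
                    $courses_list_string .= '<a href="' . $course_href . '">' . $title_html . '</a><br />';
                    $courses_list_string .= $details_html;
                    $courses_list_string .= "</li>\n";
                }
                continue;
            }

            // We DO show the closed courses.
            // The course title links to the course homepage if:
            // 1. the course is open to the world (logged in or not);
            // 2. the user is logged in and the course is open to the platform;
            // 3. the user is logged in, subscribed to the course, and the
            //    course visibility is not COURSE_VISIBILITY_CLOSED;
            // 4. the user's entry for the course has status '1' (course
            //    admin), regardless of the course visibility setting;
            // 5. the user is the platform admin, api_is_platform_admin().
            $code = $course['code'];
            $is_subscribed = array_key_exists($code, $courses_of_user);
            // Guarded lookup: this index was read even when the user has no
            // entry for the course.
            $is_course_admin = isset($courses_of_user[$code]['status']) && $courses_of_user[$code]['status'] == '1';
            $is_accessible = $open_world
                || $open_platform
                || ($user_identified && $is_subscribed && $course['visibility'] != COURSE_VISIBILITY_CLOSED)
                || $is_course_admin
                || api_is_platform_admin();

            $courses_shown++;
            $courses_list_string .= "<li>\n";
            if ($is_accessible) {
                $courses_list_string .= '<a href="' . $course_href . '">' . $title_html . '</a><br />';
            } else {
                $courses_list_string .= $title_html;
            }
            $courses_list_string .= $details_html;

            // We display a subscription form if the user is identified and
            // the course is not already in the course list of the user; the
            // form is replaced by a notice when the course does not allow
            // subscription.
            if ($user_identified && !$is_subscribed) {
                if ($course['subscribe'] == '1') {
                    // The category goes into a query string: URL-encode the
                    // raw request value so it cannot break out of the
                    // attribute or add parameters.
                    $courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category=' . urlencode($raw_category) . '" method="post">';
                    $courses_list_string .= '<input type="hidden" name="sec_token" value="' . $stok . '">';
                    $courses_list_string .= '<input type="hidden" name="subscribe" value="' . htmlspecialchars($code, ENT_QUOTES) . '" />';
                    $courses_list_string .= '<input type="image" name="unsub" src="main/img/enroll.gif" alt="' . get_lang('Subscribe') . '" />' . get_lang('Subscribe') . '</form>';
                } else {
                    $courses_list_string .= '<br />' . get_lang('SubscribingNotAllowed');
                }
            }
            $courses_list_string .= "</li>";
        }
        $courses_list_string .= "</ul>";
    }

    if ($courses_shown > 0) {
        // Only display the list of courses and categories if there was more than
        // 0 courses visible to the world (we're in the anonymous list here).
        $result .= $courses_list_string;
    }
    if ($category != '') {
        $result .= '<p><a href="' . api_get_self() . '"> ' . Display::return_icon('back.png', get_lang('BackToHomePage')) . get_lang('BackToHomePage') . '</a></p>';
    }

    return $result;
}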
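/**
 * Build, validate and display the form used to add a test category.
 *
 * On a valid submission the security token posted with the form is checked
 * before the category is created; the token is cleared afterwards whether or
 * not the check passed. When the form is not (yet) valid it is displayed
 * with a fresh token in the hidden 'sec_token' field.
 *
 * NOTE(review): when the token check fails nothing is saved and no message
 * is shown; the user only sees the category list again.
 *
 * @param string $in_action Value of the 'action' query parameter of the form target
 * @param string $type      Category type, forwarded to Testcategory and to the display helpers
 *
 * @return void Output is printed directly.
 */
function add_category_form($in_action, $type = 'simple')
{
    $in_action = Security::remove_XSS($in_action);

    // Both values end up in a query string. $type used to be concatenated
    // as-is; URL-encode them so neither can add parameters or break out of
    // the form's action attribute.
    $form_url = api_get_self() . '?' . api_get_cidreq()
        . '&action=' . urlencode($in_action)
        . '&type=' . urlencode($type);

    // Initiate the object
    $form = new FormValidator('note', 'post', $form_url);

    // Setting the form elements
    $form->addElement('header', get_lang('AddACategory'));
    $form->addElement('text', 'category_name', get_lang('CategoryName'), array('class' => 'span6'));
    $form->add_html_editor('category_description', get_lang('CategoryDescription'), false, false, array('ToolbarSet' => 'test_category', 'Width' => '90%', 'Height' => '200'));
    $form->addElement('select', 'parent_id', get_lang('Parent'), array(), array('id' => 'parent_id'));
    $form->addElement('style_submit_button', 'SubmitNote', get_lang('AddTestCategory'), 'class="add"');

    // Setting the rules
    $form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');

    // The validation or display
    if ($form->validate()) {
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->getSubmitValues();
            // The nested isset() also covers a missing 'parent_id' key.
            $parent_id = isset($values['parent_id'][0]) ? $values['parent_id'][0] : null;
            $objcat = new Testcategory(0, $values['category_name'], $values['category_description'], $parent_id, $type, api_get_course_int_id());
            if ($objcat->addCategoryInBDD()) {
                Display::display_confirmation_message(get_lang('AddCategoryDone'));
            } else {
                Display::display_confirmation_message(get_lang('AddCategoryNameAlreadyExists'));
            }
        }
        // The token is single-use: drop it even when the check failed.
        Security::clear_token();
        display_add_category($type);
        display_categories($type);
    } else {
        display_goback($type);
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $form->display();
    }
}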
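/**
 * Display the form used to add a post (a new thread or a reply) and, once
 * it has been submitted and validated, return the submitted values.
 *
 * The forum, thread and post ids are read from $_GET and cast to integers
 * once; every later use (form target, hidden fields, iframe URL, lookup of
 * the quoted post) works on the integer.
 *
 * @param array  $current_forum Forum row; 'allow_anonymous', 'allow_attachments' and 'forum_id' are read
 * @param array  $forum_setting Forum settings; 'show_thread_iframe_on_reply', 'allow_post_notification' and 'allow_sticky' are read
 * @param string $action        NOTE(review): ignored - the value is always taken from $_GET['action'],
 *                              one of:
 *                              1. newthread: adding a new thread => no iframe
 *                              2. replythread: replying to a thread => iframe with the complete thread (if enabled)
 *                              3. replymessage: replying to a message => iframe with the complete thread (if enabled)
 *                              4. quote: quoting a message => iframe with the complete thread (if enabled); the quoted message is put in the reply
 * @param string $id            Not used in this function
 * @param array  $form_values   Previously submitted values used as form defaults, or '' for none
 *
 * @return array|false|null The exported form values when the form validates and the security token
 *                          matches; false when a gradebook weight is missing; null when the form is
 *                          displayed or when the token check fails
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($current_forum, $forum_setting, $action = '', $id = '', $form_values = '')
{
    $_user = api_get_user_info();
    $action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null;

    // Request ids, normalised to integers before anything uses them. The
    // post id used to reach get_post_information() and the iframe URL
    // without the cast.
    $forum_id = isset($_GET['forum']) ? intval($_GET['forum']) : 0;
    $thread_id = isset($_GET['thread']) ? intval($_GET['thread']) : 0;
    $post_id = isset($_GET['post']) ? intval($_GET['post']) : 0;
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';

    // Initialize the object.
    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?' . http_build_query(array(
            'forum' => $forum_id,
            'gradebook' => $my_gradebook,
            'thread' => $thread_id,
            'post' => $post_id,
            'action' => $action,
        )) . '&' . api_get_cidreq()
    );
    $form->setConstants(array('forum' => '5'));

    // Setting the form elements.
    $form->addElement('hidden', 'forum_id', $forum_id);
    $form->addElement('hidden', 'thread_id', $thread_id);
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // If anonymous posts are allowed we also display a form to allow the user to put his name or username in.
    $anonymous_poster = $current_forum['allow_anonymous'] == 1 && !isset($_user['user_id']);
    if ($anonymous_poster) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }

    $form->addElement('text', 'post_title', get_lang('Title'));
    // Students get the reduced editor toolbar.
    $form->addHtmlEditor(
        'post_text',
        get_lang('Text'),
        true,
        null,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    // Only integers are placed in the iframe URL.
    $iframe = null;
    if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread' && $thread_id > 0) {
        $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?" . api_get_cidreq() . "&forum=" . $forum_id . "&thread=" . $thread_id . "#" . ($post_id > 0 ? $post_id : '') . "\" width=\"100%\"></iframe>";
    }
    if (!empty($iframe)) {
        $form->addElement('label', get_lang('Thread'), $iframe);
    }

    $form->addElement('advanced_settings', 'advanced_params', get_lang('AdvancedParameters'));
    $form->addElement('html', '<div id="advanced_params_options" style="display:none">');

    // Qualification options are offered to course staff on a new thread only.
    if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && $thread_id === 0) {
        // Thread qualify
        if (Gradebook::is_active()) {
            // Loading gradebook select
            GradebookUtils::load_gradebook_select_in_tool($form);
            $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }

        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), array('value' => '0.00', 'onfocus' => "javascript: this.select();"));
        $form->applyFilter('weight_calification', 'html_filter');

        $group = array();
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('Yes'), 1);
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('No'), 0);
        $form->addGroup($group, '', array(get_lang('ForumThreadPeerScoring'), get_lang('ForumThreadPeerScoringComment')), ' ');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }

    // The course admin can make a thread sticky (=appears with special icon and always on top).
    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }

    if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
        // NOTE(review): the exported values are not used before $values is
        // reassigned below; kept in case exportValues() is relied on here.
        $values = $form->exportValues();
    }

    $form->addElement('html', '</div>');

    $is_reply_to_message = in_array($action, array('quote', 'replymessage'), true);
    if ($is_reply_to_message) {
        $form->addFile('user_upload[]', get_lang('Attachment'));
        $form->addButton('add_attachment', get_lang('AddAttachment'), 'paperclip', 'default', 'default', null, array('id' => 'reply-add-attachment'));
    } else {
        $form->addFile('user_upload', get_lang('Attachment'));
    }

    // Setting the class and text of the form title and submit button.
    if ($action == 'quote') {
        $form->addButtonCreate(get_lang('QuoteMessage'), 'SubmitPost');
    } elseif ($action == 'replythread') {
        $form->addButtonCreate(get_lang('ReplyToThread'), 'SubmitPost');
    } elseif ($action == 'replymessage') {
        $form->addButtonCreate(get_lang('ReplyToMessage'), 'SubmitPost');
    } else {
        $form->addButtonCreate(get_lang('CreateThread'), 'SubmitPost');
    }

    $defaults = array();
    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
        $defaults['thread_peer_qualify'] = intval($form_values['thread_peer_qualify']);
    } else {
        $defaults['thread_peer_qualify'] = 0;
    }

    // If we are quoting a message we have to retrieve the information of the post we are quoting so that
    // we can add this as default to the textarea.
    // (The extra isset() on the post variable was always true and is dropped.)
    if ($is_reply_to_message) {
        // We also need to put the parent_id of the post in a hidden form when
        // we are quoting or replying to a message (<> reply to a thread !!!)
        $form->addElement('hidden', 'post_parent_id', $post_id);

        // If we are replying or are quoting then we display a default title.
        $values = get_post_information($post_id);
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);

        // When we are quoting a message then we have to put that message into the wysiwyg editor.
        // Note: The style has to be hardcoded here because using class="quote" didn't work.
        if ($action == 'quote') {
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }
    $form->setDefaults($defaults);

    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($anonymous_poster) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    // Validation or display
    if ($form->validate()) {
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
                Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.history.go(-1);">' . get_lang('Back') . '</a>', false);

                return false;
            }
            Security::clear_token();

            return $values;
        }
        // NOTE(review): a failed token check falls through and returns null
        // without any message; callers must treat null as "nothing to save".
    } else {
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        // Delete from $_SESSION forum attachment from other posts
        // and keep only attachments for new post
        clearAttachedFiles(FORUM_NEW_POST);
        // Get forum attachment ajax table to add it to form
        $attachmentAjaxTable = getAttachmentsAjaxTable(0, $current_forum['forum_id']);
        $ajaxHtml = $attachmentAjaxTable;
        $form->addElement('html', $ajaxHtml);
        $form->display();
    }
}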
/**
 * Render the session catalogue restricted to the sessions matching the
 * search term sent in the request.
 *
 * Request input: 'q' (search term, from $_REQUEST), 'hidden_links' (from
 * $_GET) and 'date' (from $_POST, defaults to today). The term and the date
 * pass through Security::remove_XSS() before being handed to the template,
 * together with a fresh security token for the search form.
 *
 * @param array $limit Paging information; 'length' is read here and the
 *                     whole array is forwarded to the model
 */
public function sessionListBySearch(array $limit)
{
    // Search term: filtered once here, then used for both the model query
    // and (filtered again) the template.
    $q = null;
    if (isset($_REQUEST['q'])) {
        $q = Security::remove_XSS($_REQUEST['q']);
    }

    $hiddenLinks = false;
    if (isset($_GET['hidden_links'])) {
        $hiddenLinks = (int) $_GET['hidden_links'] === 1;
    }

    $courseUrl = CourseCategoryManager::getCourseCategoryUrl(1, $limit['length'], null, 0, 'subscribe');

    if (isset($_POST['date'])) {
        $searchDate = $_POST['date'];
    } else {
        $searchDate = date('Y-m-d');
    }

    $matchingSessions = $this->model->browseSessionsBySearch($q, $limit);
    $sessionsBlocks = $this->getFormatedSessionsBlock($matchingSessions);

    $templateParams = [
        'show_courses' => CoursesAndSessionsCatalog::showCourses(),
        'show_sessions' => CoursesAndSessionsCatalog::showSessions(),
        'show_tutor' => api_get_setting('session.show_session_coach') === 'true',
        'course_url' => $courseUrl,
        'already_subscribed_label' => $this->getAlreadyRegisteredInSessionLabel(),
        'hidden_links' => $hiddenLinks,
        'search_token' => Security::get_token(),
        'search_date' => Security::remove_XSS($searchDate),
        'search_tag' => Security::remove_XSS($q),
        'sessions' => $sessionsBlocks,
    ];

    echo Container::getTemplating()->render('@temaplte_style/auth/session_catalog.html.twig', $templateParams);
}
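/**
 * Return the security token of this object, creating it on first use.
 *
 * Users who may not edit get an empty string and no token is generated for
 * them. When a token is created, the value returned by get_session_token()
 * is stored in $this->session_token first.
 *
 * @return string The token, or '' when the current user cannot edit
 */
public function get_token()
{
    if (!$this->can_edit()) {
        return '';
    }
    if ($this->token) {
        return $this->token;
    }

    $this->session_token = $this->get_session_token();
    $this->token = \Security::get_token();

    // The first call used to fall off the end here and hand back null, so
    // the caller only received the token from the second call onwards.
    return $this->token;
}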
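// Page fragment: handles the "delete certificate" action, then starts
// building the list of student certificates for the gradebook category
// $cat_id (set earlier in the script, outside this fragment).
$this_section = SECTION_COURSES;
Display::display_header('');

// Deleting is a state change: it only happens when the request carries the
// security token issued for this page.
// NOTE(review): the token travels in the query string here (check_token('get')),
// which exposes it to browser history and Referer headers; a POST form would
// avoid that. No permission check is visible in this fragment - confirm the
// script restricts access before this point.
if (isset($_GET['action']) && $_GET['action'] == 'delete') {
    $check = Security::check_token('get');
    if ($check) {
        // The id was passed to the constructor straight from the request;
        // normalise it to an integer (0 when the parameter is missing).
        $certificate_id = isset($_GET['certificate_id']) ? (int) $_GET['certificate_id'] : 0;
        $certificate = new Certificate($certificate_id);
        $result = $certificate->delete(true);
        // Single-use token: drop it once the action has been attempted.
        Security::clear_token();
        if ($result == true) {
            Display::display_confirmation_message(get_lang('CertificateRemoved'));
        } else {
            Display::display_error_message(get_lang('CertificateNotRemoved'));
        }
    }
}

// Fresh token for the delete links rendered further down the page.
$token = Security::get_token();
echo Display::page_header(get_lang('GradebookListOfStudentsCertificates'));

//@todo replace all this code with something like get_total_weight()
$cats = Category::load($cat_id, null, null, null, null, null, false);
if (!empty($cats)) {
    //with this fix the teacher only can view 1 gradebook
    if (api_is_platform_admin()) {
        $stud_id = api_is_allowed_to_edit() ? null : api_get_user_id();
    } else {
        $stud_id = api_get_user_id();
    }
    $total_weight = $cats[0]->get_weight();
    $allcat = $cats[0]->get_subcategories($stud_id, api_get_course_id(), api_get_session_id());
    $alleval = $cats[0]->get_evaluations($stud_id);
    $alllink = $cats[0]->get_links($stud_id);
    $datagen = new GradebookDataGenerator($allcat, $alleval, $alllink);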
/**
 * Build the "add a test category" form and either display it or process
 * its submission.
 *
 * A submitted form is only acted upon when the posted security token
 * matches; the name and description are filtered with
 * Security::remove_XSS() (COURSEMANAGER level) before the category is
 * created. The token is cleared after every validated submission.
 *
 * @todo move to TestCategory.class.php
 * @param string $action Value placed in the 'action' query parameter of the form target
 */
function add_category_form($action)
{
    $action = Security::remove_XSS($action);
    $targetUrl = api_get_self() . '?action=' . $action;

    // Form definition.
    $form = new FormValidator('note', 'post', $targetUrl);
    $form->addElement('header', get_lang('AddACategory'));
    $form->addElement('text', 'category_name', get_lang('CategoryName'), array('size' => '95'));
    $form->addHtmlEditor(
        'category_description',
        get_lang('CategoryDescription'),
        false,
        false,
        array('ToolbarSet' => 'test_category', 'Height' => '200')
    );
    $form->addButtonCreate(get_lang('AddTestCategory'), 'SubmitNote');
    $form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');

    // Not submitted, or submitted with errors: show the form with a fresh
    // token in the hidden field and stop.
    if (!$form->validate()) {
        display_goback();
        $freshToken = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $freshToken));
        $form->display();

        return;
    }

    // Valid submission: create the category only when the token matches.
    if (Security::check_token('post')) {
        $submitted = $form->exportValues();
        $name = Security::remove_XSS($submitted['category_name'], COURSEMANAGER);
        $description = Security::remove_XSS($submitted['category_description'], COURSEMANAGER);
        $category = new TestCategory(0, $name, $description);

        $messageKey = $category->addCategoryInBDD() ? 'AddCategoryDone' : 'AddCategoryNameAlreadyExists';
        Display::display_confirmation_message(get_lang($messageKey));
    }
    // The token is dropped whether or not the check passed.
    Security::clear_token();
}
/**
 * Print the "copy courses from one session to another" form: a back link,
 * the origin and destination session/course selectors, the copy options and
 * the submit button. The form posts to the current script and carries the
 * security token in the hidden 'sec_token' field.
 *
 * @return void The HTML is echoed.
 */
function display_form()
{
    $sessions = SessionManager::get_sessions_list(array(), array('name', 'ASC'));

    // Fragments are collected in display order and joined at the end.
    $parts = array();

    // Actions: link back to the platform administration page.
    $parts[] = '<div class="actions">';
    $backIcon = Display::return_icon(
        'back.png',
        get_lang('BackTo') . ' ' . get_lang('PlatformAdmin'),
        '',
        ICON_SIZE_MEDIUM
    );
    $parts[] = '<a href="../admin/index.php">' . $backIcon . '</a>';
    $parts[] = '</div>';

    $parts[] = Display::return_message(get_lang('CopyCourseFromSessionToSessionExplanation'));

    $parts[] = '<form name="formulaire" method="post" action="' . api_get_self() . '" >';
    $parts[] = '<table border="0" cellpadding="5" cellspacing="0" width="100%">';

    // Origin session and its courses (the course list is filled by xajax).
    $parts[] = '<tr><td width="15%"><b>' . get_lang('OriginCoursesFromSession') . ':</b></td>';
    $originSelect = make_select_session_list(
        'sessions_list_origin',
        $sessions,
        array('onchange' => 'javascript: xajax_search_courses(this.value,\'origin\');')
    );
    $parts[] = '<td width="10%" align="left">' . $originSelect . '</td>';
    $parts[] = '<td width="50%"><div id="ajax_list_courses_origin">';
    $parts[] = '<select id="origin" name="SessionCoursesListOrigin[]" style="width:380px;"></select></div></td></tr>';

    // Destination session and its courses.
    $parts[] = '<tr><td width="15%"><b>' . get_lang('DestinationCoursesFromSession') . ':</b></td>';
    $parts[] = '<td width="10%" align="left"><div id="ajax_sessions_list_destination">';
    $parts[] = '<select name="sessions_list_destination" onchange="javascript: xajax_search_courses(this.value,\'destination\');">';
    $parts[] = '<option value = "0">' . get_lang('ThereIsNotStillASession') . '</option></select ></div></td>';
    $parts[] = '<td width="50%">';
    $parts[] = '<div id="ajax_list_courses_destination">';
    $parts[] = '<select id="destination" name="SessionCoursesListDestination[]" style="width:380px;" ></select></div></td>';
    $parts[] = '</tr></table>';

    // Copy options.
    $parts[] = '<h4>' . get_lang('TypeOfCopy') . '</h4>';
    $parts[] = '<label class="radio"><input type="radio" id="copy_option_1" name="copy_option" value="full_copy" checked="checked"/>';
    $parts[] = get_lang('FullCopy') . '</label><br/>';
    $parts[] = '<label class="radio"><input type="radio" id="copy_option_2" name="copy_option" value="select_items" disabled="disabled"/>';
    $parts[] = ' ' . get_lang('LetMeSelectItems') . '</label><br/>';
    $parts[] = '<label class="checkbox"><input type="checkbox" id="copy_base_content_id" name="copy_only_session_items" />' . get_lang('CopyOnlySessionItems') . '</label><br /><br/>';

    // Submit button with a JavaScript confirmation; the message is entity-
    // encoded and slash-escaped for the single-quoted JS string.
    $confirmText = addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES));
    $parts[] = '<button class="btn btn-success" type="submit" onclick="javascript:if(!confirm(' . "'" . $confirmText . "'" . ')) return false;"><i class="fa fa-files-o"></i> ' . get_lang('CopyCourse') . '</button>';

    // Security token, checked by the code that handles the POST.
    $parts[] = '<input type="hidden" value="' . Security::get_token() . '" name="sec_token">';
    $parts[] = '</form>';

    echo implode('', $parts);
}
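/**
 * Return the HTML for the form used to add a feedback message to a dropbox
 * file.
 *
 * The file id is read from $_GET['id']. The textarea, the hidden security
 * token and the submit button are only produced when check_if_file_exist()
 * reports that the file is still visible to someone; otherwise a notice is
 * returned instead. The surrounding form element is produced by the caller.
 *
 * @return string HTML code
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version march 2006
 */
function feedback_form()
{
    $return = get_lang('AddNewFeedback') . '<br />';

    // The id came straight from the request and could be missing; normalise
    // it before it reaches the lookup helper.
    // NOTE(review): assumes dropbox file ids are integers - confirm against
    // check_if_file_exist().
    $file_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $number_users_who_see_file = check_if_file_exist($file_id);

    if ($number_users_who_see_file) {
        // Token checked by the code that stores the feedback.
        $token = Security::get_token();
        $return .= '<textarea name="feedback" style="width: 80%; height: 80px;"></textarea>';
        $return .= '<input type="hidden" name="sec_token" value="' . $token . '"/>';
        $return .= '<br /><button type="submit" class="add" name="store_feedback" value="' . get_lang('Ok') . '" onclick="javascript: document.form_dropbox.attributes.action.value = document.location;">' . get_lang('AddComment') . '</button>';
    } else {
        $return .= get_lang('AllUsersHaveDeletedTheFileAndWillNotSeeFeedback');
    }

    return $return;
}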
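/**
 * Adds an "extra_info" entry (course data, buttons, teachers, rating widget)
 * to every course row and returns the decorated list.
 *
 * @param array $courses             Rows that each provide a 'c_id' key
 * @param array $my_course_code_list Values compared against the course 'real_id'
 *                                   and passed to get_access_link_by_user()
 *
 * @return array The same rows, each with 'extra_info' filled in
 */
public static function process_hot_course_item($courses, $my_course_code_list = array())
{
    $ajax_url = api_get_path(WEB_AJAX_PATH) . 'course.ajax.php?a=add_course_vote';

    foreach ($courses as &$my_course) {
        $course_info = api_get_course_info_by_id($my_course['c_id']);
        $my_course['extra_info'] = $course_info;
        $my_course['extra_info']['go_to_course_button'] = '';
        $my_course['extra_info']['register_button'] = '';

        $access_link = self::get_access_link_by_user(api_get_user_id(), $course_info, $my_course_code_list);

        // Course visibility
        if ($access_link && in_array('register', $access_link)) {
            // NOTE(review): the anti-CSRF token is placed in the query string of a
            // plain link, so it can end up in browser history, server logs and
            // Referer headers. A POST form would keep it out of URLs.
            $stok = Security::get_token();
            $my_course['extra_info']['register_button'] = Display::url(
                get_lang('Subscribe'),
                api_get_path(WEB_COURSE_PATH) . $course_info['path'] . '/index.php?action=subscribe&sec_token=' . $stok,
                array('class' => 'btn btn-primary')
            );
        }

        if ($access_link && in_array('enter', $access_link)) {
            $my_course['extra_info']['go_to_course_button'] = Display::url(
                get_lang('GoToCourse'),
                api_get_path(WEB_COURSE_PATH) . $course_info['path'] . '/index.php',
                array('class' => 'btn btn-primary')
            );
        }

        // Description button: only for world-open courses or courses listed in
        // $my_course_code_list.
        $my_course['extra_info']['description_button'] = '';
        if ($course_info['visibility'] == COURSE_VISIBILITY_OPEN_WORLD || in_array($course_info['real_id'], $my_course_code_list)) {
            $my_course['extra_info']['description_button'] = Display::url(
                get_lang('Description'),
                api_get_path(WEB_AJAX_PATH) . 'course_home.ajax.php?a=show_course_information&code=' . $course_info['code'],
                array('class' => 'ajax btn btn-default')
            );
        }

        $my_course['extra_info']['teachers'] = CourseManager::get_teacher_list_from_course_code_to_string($course_info['real_id']);
        $point_info = self::get_course_ranking($course_info['real_id'], 0);
        $my_course['extra_info']['rating_html'] = Display::return_rating_system(
            'star_' . $course_info['real_id'],
            $ajax_url . '&course_id=' . $course_info['real_id'],
            $point_info
        );
    }
    // Break the by-reference binding so the last row is not left aliased to
    // $my_course when the array is returned.
    unset($my_course);

    return $courses;
}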
/**
 * Returns the current security token, used to protect against CSRF
 * ("sea-surf") attacks.
 *
 * Security::get_token() is called only while the cached value is empty; after
 * that every call in the same request returns the same cached value.
 *
 * @return mixed Whatever Security::get_token() returned (presumably a string - confirm)
 */
static function security_token()
{
    static $cached_token = null;

    if (!$cached_token) {
        $cached_token = Security::get_token();
    }

    return $cached_token;
}
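/**
 * Builds, validates and (when not yet submitted or invalid) displays the form
 * used to add a forum post. The post can be a new thread or a reply.
 *
 * $action selects the variant:
 *  1. newthread:    adding a new thread => no iframe
 *  2. replythread:  replying to a thread => iframe with the complete thread (if enabled)
 *  3. replymessage: replying to a message => iframe with the complete thread (if enabled)
 *  4. quote:        quoting a message => iframe with the complete thread (if enabled);
 *                   the quoted message is put in the editor as default text
 *
 * The forum, thread, post, action and gradebook values are read from $_GET.
 *
 * @param string       $action      One of the variants listed above
 * @param string       $id          Not used in this function body
 * @param array|string $form_values Previously submitted values used as defaults
 *
 * @return array|false|null The exported form values when the form validates and
 *                          the security token matches; false when a gradebook
 *                          qualification is requested without a weight; nothing
 *                          in every other case (the form is displayed, or the
 *                          token check failed)
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($action = '', $id = '', $form_values = '')
{
    global $forum_setting;
    global $current_forum;
    global $_user;
    global $origin;

    // Read every request parameter once, with an isset() guard, so a missing
    // parameter no longer raises an undefined-index notice.
    $my_thread = isset($_GET['thread']) ? $_GET['thread'] : '';
    $my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
    $my_action = isset($_GET['action']) ? $_GET['action'] : '';
    $my_post = isset($_GET['post']) ? $_GET['post'] : '';
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';
    $gradebook = $my_gradebook;

    // Setting the class and text of the form title and submit button.
    if ($my_action == 'quote') {
        $class = 'save';
        $text = get_lang('QuoteMessage');
    } elseif ($my_action == 'replythread') {
        $class = 'save';
        $text = get_lang('ReplyToThread');
    } elseif ($my_action == 'replymessage') {
        $class = 'save';
        $text = get_lang('ReplyToMessage');
    } else {
        $class = 'add';
        $text = get_lang('CreateThread');
    }

    // Initialize the object.
    // NOTE(review): $origin is a global appended to the action URL as-is; where
    // it is set and whether it is filtered is not visible here - confirm.
    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?forum=' . Security::remove_XSS($my_forum) . '&gradebook=' . $gradebook . '&thread=' . Security::remove_XSS($my_thread) . '&post=' . Security::remove_XSS($my_post) . '&action=' . Security::remove_XSS($my_action) . '&origin=' . $origin
    );
    $form->setConstants(array('forum' => '5'));
    $form->addElement('header', $text);

    // Setting the form elements. Ids are cast to integers before they are echoed back.
    $form->addElement('hidden', 'forum_id', intval($my_forum));
    $form->addElement('hidden', 'thread_id', intval($my_thread));
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // If anonymous posts are allowed we also display a field in which the user can enter a name.
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }

    $form->addElement('text', 'post_title', get_lang('Title'));
    // Editors get the 'Forum' toolbar, everybody else the 'ForumStudent' one.
    $form->addElement(
        'html_editor',
        'post_text',
        get_lang('Text'),
        true,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    $form->addElement('advanced_settings', '<a href="javascript://" onclick="return advanced_parameters()"> <span id="img_plus_and_minus"> ' . Display::return_icon('div_show.gif', get_lang('Show'), array('style' => 'vertical-align:middle')) . ' ' . get_lang('AdvancedParameters') . '</span></a>');
    $form->addElement('html', '<div id="id_qualify" style="display:none">');

    if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !$my_thread) {
        // Thread qualify
        if (Gradebook::is_active()) {
            // Loading gradebook select
            load_gradebook_select_in_tool($form);
            $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }
        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), 'value="0.00" Style="width:40px" onfocus="javascript: this.select();"');
        $form->applyFilter('weight_calification', 'html_filter');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }

    // The course admin can make a thread sticky (= appears with special icon and always on top).
    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }

    if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
        // The result is overwritten before it is read; the call is kept as in the original.
        $values = $form->exportValues();
    }

    // User upload
    // NOTE(review): the upload fields are added for every user, not only inside
    // the allow_attachments check above - confirm the handler enforces the setting.
    $form->addElement('static', null, null, get_lang('AddAnAttachment'));
    $form->addElement('file', 'user_upload', get_lang('FileName'), '');
    $form->addElement('textarea', 'file_comment', get_lang('FileComment'), array('rows' => 4, 'cols' => 34));
    $form->applyFilter('file_comment', 'html_filter');
    $form->addElement('html', '</div>');
    $form->addElement('style_submit_button', 'SubmitPost', $text, 'class="' . $class . '"');
    $form->add_real_progress_bar('DocumentUpload', 'user_upload');

    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
    }

    // If we are quoting a message we have to retrieve the information of the post we are quoting so that
    // we can add this as default to the textarea.
    // ($my_post is always set at this point, so the isset() never fails.)
    if (($action == 'quote' || $action == 'replymessage') && isset($my_post)) {
        // The post id comes straight from the query string: cast it once and use
        // the integer both for the hidden field and for the lookup.
        $parent_post_id = intval($my_post);

        // We also need to put the parent_id of the post in a hidden field when we are quoting or replying
        // to a message (<> reply to a thread !!!)
        $form->addElement('hidden', 'post_parent_id', strval($parent_post_id));

        // If we are replying or are quoting then we display a default title.
        $values = get_post_information($parent_post_id);
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);

        // When we are quoting a message then we have to put that message into the wysiwyg editor.
        // Note: The style has to be hardcoded here because using class="quote" didn't work.
        if ($action == 'quote') {
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }

    $form->setDefaults(isset($defaults) ? $defaults : null);

    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    // Validation or display
    if ($form->validate()) {
        // The submission is accepted only when the posted token matches.
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            // The gradebook checkbox exists only for some users, hence the isset().
            if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
                Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.back()">' . get_lang('Back') . '</a>', false);

                return false;
            }
            Security::clear_token();

            return $values;
        }
        // NOTE(review): a valid form with a failed token check falls through here:
        // nothing is displayed and nothing is returned. Callers should treat an
        // empty return value as "not saved".
    } else {
        // Issue a fresh token and embed it in the form that is about to be shown.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        $iframe = null;
        if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread') {
            $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=" . Security::remove_XSS($my_forum) . "&thread=" . Security::remove_XSS($my_thread) . "#" . Security::remove_XSS($my_post) . "\" width=\"100%\"></iframe>";
        }
        if (!empty($iframe)) {
            $form->addElement('label', get_lang('Thread'), $iframe);
        }
        $form->display();
    }
}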
/**
 * Renders the sortable "users" table, either returning the HTML or echoing it.
 *
 * The table receives the current Security::get_token() value as the
 * "sec_token" additional parameter, together with the ceiling and
 * active_only settings of this object. Values set here take precedence over
 * same-named keys from get_additional_parameters() because they are merged last.
 *
 * @param bool $return When true the HTML is returned instead of echoed
 *
 * @return string|null The table HTML when $return is true, nothing otherwise
 */
function display_data($return = false)
{
    $count_callback = array($this, 'count');
    $data_callback = array($this, 'get_data');

    $own_parameters = array(
        'sec_token' => Security::get_token(),
        'ceiling' => $this->get_ceiling(),
        'active_only' => $this->get_active_only() ? 'true' : 'false',
    );
    $merged_parameters = array_merge($this->get_additional_parameters(), $own_parameters);

    $table = new SortableTable('users', $count_callback, $data_callback, 1, 50);
    $table->set_additional_parameters($merged_parameters);

    // Column headers, in display order.
    $table->set_header(0, '', false);
    $table->set_header(1, get_lang('Code'));
    $table->set_header(2, get_lang('FirstName'));
    $table->set_header(3, get_lang('LastName'));
    $table->set_header(4, get_lang('LoginName'));
    $table->set_header(5, get_lang('Email'));
    $table->set_header(6, get_lang('Profile'));
    $table->set_header(7, get_lang('AuthenticationSource'));
    $table->set_header(8, get_lang('RegisteredDate'));
    $table->set_header(9, get_lang('LastAccess'), false);
    $table->set_header(10, get_lang('Active'), false);

    // Cell formatters for the e-mail, profile and active columns.
    $table->set_column_filter(5, array($this, 'format_email'));
    $table->set_column_filter(6, array($this, 'format_status'));
    $table->set_column_filter(10, array($this, 'format_active'));

    // Bulk actions offered on the selected rows.
    $table->set_form_actions(array(
        'activate' => get_lang('Activate'),
        'deactivate' => get_lang('Deactivate'),
        'delete' => get_lang('Delete'),
    ));

    $rendered = $table->return_table();
    if ($return) {
        return $rendered;
    }
    echo $rendered;
}
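/**
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database.
 *
 * The mode is taken from the "action" query parameter ('add' or 'edit') and
 * the template id from the "id" query parameter. A submitted form is saved
 * only when Security::check_token('post') succeeds.
 *
 * @return void
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function add_edit_template()
{
    // Read the mode once; a request without "action" no longer raises a notice
    // and is handled like any non-'add' value, as before.
    $action = isset($_GET['action']) ? $_GET['action'] : '';

    // Initialize the object.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($action) . $id);

    // Setting the form elements: the header.
    $title = $action == 'add' ? get_lang('AddTemplate') : get_lang('EditTemplate');
    $form->addElement('header', '', $title);

    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);

    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));

    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');

    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // Getting all the information of the template when editing a template.
    if ($action == 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        // The id is cast to an integer before it is placed in the query.
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . intval($_GET['id']) . "";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);

        $defaults['template_id'] = intval($_GET['id']);
        $defaults['template_text'] = $row['content'];
        // Forcing get_lang().
        $defaults['title'] = get_lang($row['title']);

        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');

        // Adding an extra field: a preview of the image that is currently used.
        if (!empty($row['image'])) {
            // The stored name originates from an uploaded file name, so it is
            // HTML-encoded before it is written into the src attribute.
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/' . htmlspecialchars($row['image'], ENT_QUOTES) . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }

        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }

    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');

    // Setting the rules: the required fields.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');

    // If the form validates (complies to all rules) we save the information,
    // else we display the form again (with error message if needed).
    if ($form->validate()) {
        $check = Security::check_token('post');
        if ($check) {
            // Exporting the values.
            $values = $form->exportValues();

            // Stays null when no file was sent or the upload was rejected; it was
            // previously read while undefined in that case.
            $new_file_name = null;

            // Upload the file.
            if (!empty($_FILES['template_image']['name'])) {
                $upload_ok = process_uploaded_file($_FILES['template_image']);
                if ($upload_ok) {
                    // Keep only the final path component of the client-supplied
                    // name so the target always stays inside the upload directory,
                    // then try to add an extension to the file if it hasn't one.
                    // NOTE(review): both the name and the MIME type are supplied by
                    // the client and the target directory sits under the web path.
                    // Restricting the stored extension to the image types the Image
                    // class can write would be a sensible follow-up - confirm what
                    // process_uploaded_file() and send_image() already enforce.
                    $client_file_name = basename(stripslashes($_FILES['template_image']['name']));
                    $new_file_name = add_ext_on_mime($client_file_name, $_FILES['template_image']['type']);

                    // The upload directory.
                    $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';

                    // Create the directory if it does not exist.
                    if (!is_dir($upload_dir)) {
                        mkdir($upload_dir, api_get_permissions_for_new_directories());
                    }

                    // Resize the preview image to max default and upload.
                    $temp = new Image($_FILES['template_image']['tmp_name']);
                    $picture_info = $temp->get_image_info();
                    $max_width_for_picture = 100;
                    if ($picture_info['width'] > $max_width_for_picture) {
                        $temp->resize($max_width_for_picture);
                    }
                    $temp->send_image($upload_dir . $new_file_name);
                }
            }

            // Store the information in the database (as insert or as update).
            $table_system_template = Database::get_main_table('system_template');

            if ($action == 'add') {
                $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
                $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
                Database::insert($table_system_template, $params);

                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateAdded'));
                echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
            } else {
                // NOTE(review): unlike the 'add' branch, the edited text is stored
                // without Security::remove_XSS(); only SQL escaping is applied.
                // Confirm whether that difference is intended.
                $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
                $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
                if (!empty($new_file_name)) {
                    $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
                }
                $sql .= " WHERE id = " . intval($_GET['id']) . "";
                Database::query($sql);

                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateEdited'));
            }
        }
        // NOTE(review): when the token check fails nothing is saved, yet the token
        // is cleared and the list is shown without any error message.
        Security::clear_token();
        display_templates();
    } else {
        // Issue a token and embed it in the form that is about to be displayed.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        // Display the form.
        $form->display();
    }
}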
if ($course_info['unsubscribe'] == 1) { if ($user_id == $current_user_id) { $result .= '<a class="btn btn-small btn-danger" href="' . api_get_self() . '?' . api_get_cidreq() . '&type=' . $type . '&unregister=yes&user_id=' . $user_id . '" title="' . get_lang('Unreg') . ' " onclick="javascript:if(!confirm(\'' . addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES, $charset)) . '\')) return false;">' . get_lang('Unreg') . '</a> '; } } } return $result; } function hide_field() { return null; } $default_column = 3; $table = new SortableTable('user_list', 'get_number_of_users', 'get_user_data', $default_column); $parameters['keyword'] = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null; $parameters['sec_token'] = Security::get_token(); $table->set_additional_parameters($parameters); $header_nr = 0; $indexList = array(); $table->set_header($header_nr++, '', false); $indexList['photo'] = $header_nr; $table->set_header($header_nr++, get_lang('Photo'), false); $table->set_header($header_nr++, get_lang('OfficialCode')); $indexList['official_code'] = $header_nr; if ($is_western_name_order) { $indexList['firstname'] = $header_nr; $table->set_header($header_nr++, get_lang('FirstName')); $indexList['lastname'] = $header_nr; $table->set_header($header_nr++, get_lang('LastName')); } else { $indexList['lastname'] = $header_nr;
/**
 * Show the Session Catalogue with the sessions filtered by a query term.
 *
 * The term is read from the "q" request parameter, the date from the posted
 * "date" field (today when absent). A fresh Security::get_token() value is
 * handed to the template as "search_token".
 *
 * @param array $limit Paging data; its 'length' entry is used for the course URL
 */
public function sessionListBySearch(array $limit)
{
    // NOTE(review): the term only passes through Security::remove_XSS() before it
    // reaches the model. Whether browseSessionsBySearch() escapes or binds it for
    // SQL is not visible here - confirm.
    $searchTerm = null;
    if (isset($_REQUEST['q'])) {
        $searchTerm = Security::remove_XSS($_REQUEST['q']);
    }
    $linksHidden = isset($_GET['hidden_links']) && intval($_GET['hidden_links']) == 1;
    $subscribeUrl = getCourseCategoryUrl(1, $limit['length'], null, 0, 'subscribe');
    $dateFilter = date('Y-m-d');
    if (isset($_POST['date'])) {
        $dateFilter = $_POST['date'];
    }

    $foundSessions = $this->model->browseSessionsBySearch($searchTerm, $limit);
    $blocks = $this->getFormatedSessionsBlock($foundSessions);

    $view = new Template();
    $view->assign('show_courses', CoursesAndSessionsCatalog::showCourses());
    $view->assign('show_sessions', CoursesAndSessionsCatalog::showSessions());
    $view->assign('show_tutor', api_get_setting('show_session_coach') === 'true');
    $view->assign('course_url', $subscribeUrl);
    $view->assign('already_subscribed_label', $this->getAlreadyRegisteredInSessionLabel());
    $view->assign('hidden_links', $linksHidden);
    $view->assign('search_token', Security::get_token());
    // Request-supplied values are filtered before they are given to the template.
    $view->assign('search_date', Security::remove_XSS($dateFilter));
    $view->assign('search_tag', Security::remove_XSS($searchTerm));
    $view->assign('sessions', $blocks);

    $layout = $view->get_template('auth/session_catalog.tpl');
    $view->display($layout);
}
<?php /* For licensing terms, see /license.txt */ /** * View (MVC patter) for courses * @author Christian Fasanando <*****@*****.**> - Beeznest * @package chamilo.auth */ // Access rights: anonymous users can't do anything usefull here. api_block_anonymous_users(); $stok = Security::get_token(); $courses_without_category = isset($courses_in_category[0]) ? $courses_in_category[0] : null; ?> <!-- Actions: The menu with the different options in cathe course management --> <div id="actions" class="actions"> <?php if ($action != 'createcoursecategory') { ?> <a href="<?php echo api_get_self(); ?>?action=createcoursecategory"><?php echo Display::return_icon('new_folder.png', get_lang('CreateCourseCategory'),'','32'); ?></a> <?php } ?> </div> <?php if (!empty($message)) { Display::display_confirmation_message($message, false); } // COURSES WITH CATEGORIES if (!empty($user_course_categories)) { foreach ($user_course_categories as $row) {
/**
 * Prints the admin form used to copy courses from one session to another
 * (form-horizontal layout with a toolbar and an options panel).
 *
 * The form posts back to api_get_self() and carries the current
 * Security::get_token() value in a hidden "sec_token" field; the handler that
 * processes the POST is not part of this function, so the token check has to
 * be confirmed there.
 *
 * @return void
 */
function display_form()
{
    $session_list = SessionManager::get_sessions_list(array(), array('name', 'ASC'));

    // Toolbar with a link back to the platform administration page.
    $back_link = '<a href="../admin/index.php">'
        . Display::return_icon('back.png', get_lang('BackTo') . ' ' . get_lang('PlatformAdmin'), '', ICON_SIZE_MEDIUM)
        . '</a>';
    $page = Display::toolbarAction('toolbar-copysession', array(0 => $back_link));
    $page .= Display::return_message(get_lang('CopyCourseFromSessionToSessionExplanation'), 'warning');

    $page .= '<form class="form-horizontal" name="formulaire" method="post" action="' . api_get_self() . '" >';

    // Origin row: session selector plus the course list refreshed through xajax.
    $page .= '<div class="form-group">'
        . '<label class="col-sm-2 control-label">' . get_lang('OriginCoursesFromSession') . ': </label>';
    $page .= '<div class="col-sm-5">'
        . make_select_session_list(
            'sessions_list_origin',
            $session_list,
            array('onchange' => 'javascript: xajax_search_courses(this.value,\'origin\');')
        )
        . '</div>';
    $page .= '<div class="col-sm-5" id="ajax_list_courses_origin">'
        . '<select id="origin" class="form-control" name="SessionCoursesListOrigin[]" ></select>'
        . '</div></div>';

    // Destination row: starts with a single placeholder option.
    $page .= '<div class="form-group">'
        . '<label class="col-sm-2 control-label">' . get_lang('DestinationCoursesFromSession') . ': </label>';
    $page .= '<div class="col-sm-5" id="ajax_sessions_list_destination">'
        . '<select class="form-control" name="sessions_list_destination" onchange="javascript: xajax_search_courses(this.value,\'destination\');">';
    $page .= '<option value = "0">' . get_lang('ThereIsNotStillASession') . '</option></select ></div>';
    $page .= '<div class="col-sm-5" id="ajax_list_courses_destination">'
        . '<select id="destination" class="form-control" name="SessionCoursesListDestination[]" ></select>'
        . '</div></div>';

    // Copy options, wrapped in a panel; the "select items" radio is rendered disabled.
    $copy_options = '<div class="radio"><label><input type="radio" id="copy_option_1" name="copy_option" value="full_copy" checked="checked"/>'
        . get_lang('FullCopy') . '</label></div>';
    $copy_options .= '<div class="radio"><label><input type="radio" id="copy_option_2" name="copy_option" value="select_items" disabled="disabled"/>'
        . ' ' . get_lang('LetMeSelectItems') . '</label></div>';
    $copy_options .= '<div class="checkbox"><label><input type="checkbox" id="copy_base_content_id" name="copy_only_session_items" />'
        . get_lang('CopyOnlySessionItems') . '</label></div>';
    $page .= Display::panel($copy_options, get_lang('TypeOfCopy'));

    // The confirmation text is HTML-encoded and then slash-escaped because it
    // sits inside a JavaScript string inside an HTML attribute.
    $confirm_text = addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES));
    $page .= '<div class="form-group"><div class="col-sm-12">';
    $page .= '<button class="btn btn-success" type="submit" onclick="javascript:if(!confirm(' . "'" . $confirm_text . "'"
        . ')) return false;"><em class="fa fa-files-o"></em> ' . get_lang('CopyCourse') . '</button>';

    // Anti-CSRF token submitted together with the form.
    $page .= '<input type="hidden" value="' . Security::get_token() . '" name="sec_token">';
    $page .= '</div></div>' . '</form>';

    echo $page;
}
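/**
 * Builds the "compose message" form, sends the message(s) when the form was
 * submitted with a valid security token, and returns the resulting HTML.
 *
 * The message data that is sent (recipients, title, content, group and parent
 * ids) is read from $default, not from the validated form export.
 *
 * @param array       $default               Default values; the keys 'users', 'title',
 *                                           'content', 'group_id' and 'parent_id' are read
 * @param mixed|null  $select_from_user_list When set, a free-text recipient search is shown
 * @param string|null $sent_to               Label shown as the recipient when not empty
 *
 * @return string The form HTML, or the success messages after sending
 */
function manage_form($default, $select_from_user_list = null, $sent_to = null)
{
    // Numeric request parameters are cast once, right where they are read.
    $group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null;
    $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
    $reply_id = isset($_GET['re_id']) ? intval($_GET['re_id']) : null;
    // Only the literal value 'social' is accepted for "f".
    $param_f = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;

    $form = new FormValidator('compose_message', null, api_get_self() . '?f=' . $param_f, null, array('enctype' => 'multipart/form-data'));

    if (empty($group_id)) {
        if (isset($select_from_user_list)) {
            $form->addText('id_text_name', get_lang('SendMessageTo'), true, array('id' => 'id_text_name', 'onkeyup' => 'send_request_and_search()', 'autocomplete' => 'off'));
            $form->addRule('id_text_name', get_lang('ThisFieldIsRequired'), 'required');
            $form->addElement('html', '<div id="id_div_search" style="padding:0px" class="message-select-box" > </div>');
            $form->addElement('hidden', 'user_list', 0, array('id' => 'user_list'));
        } else {
            if (!empty($sent_to)) {
                $form->addLabel(get_lang('SendMessageTo'), $sent_to);
            }
            if (empty($default['users'])) {
                // fb select
                $form->addElement('select_ajax', 'users', get_lang('SendMessageTo'), array(), ['multiple' => 'multiple', 'url' => api_get_path(WEB_AJAX_PATH) . 'message.ajax.php?a=find_users']);
            } else {
                $form->addElement('hidden', 'hidden_user', $default['users'][0], array('id' => 'hidden_user'));
            }
        }
    } else {
        $userGroup = new UserGroup();
        $group_info = $userGroup->get($group_id);
        $form->addElement('label', get_lang('ToGroup'), api_xml_http_response_encode($group_info['name']));
        $form->addElement('hidden', 'group_id', $group_id);
        $form->addElement('hidden', 'parent_id', $message_id);
    }

    $form->addText('title', get_lang('Subject'), true);
    $form->addHtmlEditor('content', get_lang('Message'), false, false, array('ToolbarSet' => 'Messages', 'Width' => '100%', 'Height' => '250'));

    if ($reply_id !== null) {
        // The lookup now receives the integer id; the raw query-string value was
        // passed before while the hidden field below already used intval().
        // NOTE(review): whether get_message_by_id() restricts the lookup to
        // messages of the current user is not visible here - confirm.
        $message_reply_info = MessageManager::get_message_by_id($reply_id);
        $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_reply_info['title'];
        $form->addElement('hidden', 're_id', $reply_id);
        $form->addElement('hidden', 'save_form', 'save_form');

        // Adding reply mail
        $user_reply_info = api_get_user_info($message_reply_info['user_sender_id']);
        $default['content'] = '<p><br/></p>' . sprintf(get_lang('XWroteY'), $user_reply_info['complete_name'], Security::filter_terms($message_reply_info['content']));
    }

    if (empty($group_id)) {
        $form->addElement('label', '', '<div id="filepaths" class="form-group"> <div id="filepath_1"> <label>' . get_lang('FilesAttachment') . '</label> <input type="file" name="attach_1"/> <label>' . get_lang('Description') . '</label> <input id="file-descrtiption" type="text" name="legend[]" class="form-control"/> </div> </div>');
        $form->addElement('label', '', '<span id="link-more-attach"><a href="javascript://" onclick="return add_image_form()">' . get_lang('AddOneMoreFile') . '</a></span> (' . sprintf(get_lang('MaximunFileSizeX'), format_file_size(api_get_setting('message.message_max_upload_filesize'))) . ')');
    }

    $form->addButtonSend(get_lang('SendMessage'), 'compose');
    $form->setRequiredNote('<span class="form_required">*</span> <small>' . get_lang('ThisFieldIsRequired') . '</small>');

    if (!empty($group_id) && !empty($message_id)) {
        $message_info = MessageManager::get_message_by_id($message_id);
        $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_info['title'];
    }

    $form->setDefaults($default);
    $html = '';

    if ($form->validate()) {
        // Messages are sent only when the posted security token matches.
        $check = Security::check_token('post');
        if ($check) {
            // Guarded reads: the "legend" inputs are rendered only for non-group
            // messages, and 'users' may be missing from $default.
            $user_list = isset($default['users']) ? $default['users'] : null;
            $file_comments = isset($_POST['legend']) ? $_POST['legend'] : null;
            $title = $default['title'];
            $content = $default['content'];
            $group_id = isset($default['group_id']) ? $default['group_id'] : null;
            $parent_id = isset($default['parent_id']) ? $default['parent_id'] : null;

            if (is_array($user_list) && count($user_list) > 0) {
                // All is well, send the message
                foreach ($user_list as $user) {
                    $res = MessageManager::send_message($user, $title, $content, $_FILES, $file_comments, $group_id, $parent_id);
                    if ($res) {
                        $html .= MessageManager::display_success_message($user);
                    }
                }
            } else {
                // NOTE(review): this passes the language key itself, while every
                // other message in this function goes through get_lang() - confirm
                // whether get_lang('ErrorSendingMessage') was intended.
                Display::display_error_message('ErrorSendingMessage');
            }
        }
        // The token is cleared whether or not the check succeeded; on a failed
        // check an empty string is returned without any message.
        Security::clear_token();
    } else {
        // Issue a token and embed it in the form that is returned for display.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $html .= $form->returnForm();
    }

    return $html;
}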
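/**
 * Render the Session Catalogue view.
 *
 * The date filter is read from the posted "date" field (today when absent).
 * A fresh Security::get_token() value is handed to the template as "searchToken".
 *
 * @param string $action    Assigned to the template as 'action'
 * @param string $nameTools Assigned to the template as 'nameTools'
 * @param array  $limit     Paging data with 'current' and 'length' entries;
 *                          getLimitArray() is used when it is empty
 */
public function sessionsList($action, $nameTools, $limit = array())
{
    // NOTE(review): the posted date is handed to the model as received; whether
    // countSessions()/browseSessions() validate or escape it is not visible
    // here - confirm.
    $date = isset($_POST['date']) ? $_POST['date'] : date('Y-m-d');
    $hiddenLinks = isset($_GET['hidden_links']) ? intval($_GET['hidden_links']) == 1 : false;

    // The previous isset() test was always true for the default array(), so the
    // fallback never ran and $limit['length'] was undefined (division by zero below).
    $limit = empty($limit) ? getLimitArray() : $limit;

    $countSessions = $this->model->countSessions($date);
    $sessions = $this->model->browseSessions($date, $limit);

    $pageTotal = intval(ceil(intval($countSessions) / $limit['length']));
    // Do NOT show pagination if only one page or less
    $cataloguePagination = $pageTotal > 1 ? getCataloguePagination($limit['current'], $limit['length'], $pageTotal) : '';

    $sessionsBlocks = array();
    // Get session list catalogue URL
    $sessionUrl = getCourseCategoryUrl(1, $limit['length'], null, 0, 'display_sessions');
    // Get session search catalogue URL
    $courseUrl = getCourseCategoryUrl(1, $limit['length'], null, 0, 'subscribe');

    foreach ($sessions as $session) {
        $sessionsBlocks[] = array(
            'id' => $session['id'],
            'name' => $session['name'],
            'nbr_courses' => $session['nbr_courses'],
            'nbr_users' => $session['nbr_users'],
            'coach_name' => $session['coach_name'],
            'is_subscribed' => $session['is_subscribed'],
            'icon' => $this->getSessionIcon($session['name']),
            'date' => SessionManager::getSessionFormattedDate($session),
            'subscribe_button' => $this->getRegisterInSessionButton($session['name']),
        );
    }

    $tpl = new Template();
    $tpl->assign('action', $action);
    $tpl->assign('showCourses', CoursesAndSessionsCatalog::showCourses());
    $tpl->assign('showSessions', CoursesAndSessionsCatalog::showSessions());
    $tpl->assign('api_get_self', api_get_self());
    $tpl->assign('sessionUrl', $sessionUrl);
    $tpl->assign('courseUrl', $courseUrl);
    $tpl->assign('nameTools', $nameTools);
    $tpl->assign('coursesCategoriesList', $this->getCoursesCategoriesBlock(null, false, $limit));
    $tpl->assign('cataloguePagination', $cataloguePagination);
    $tpl->assign('hiddenLinks', $hiddenLinks);
    $tpl->assign('searchToken', Security::get_token());
    // The date can come from the request, so it is filtered before it reaches
    // the template, as the search view does for its date value.
    $tpl->assign('searchDate', Security::remove_XSS($date));
    $tpl->assign('web_session_courses_ajax_url', api_get_path(WEB_AJAX_PATH) . 'course.ajax.php');
    $tpl->assign('sessions_blocks', $sessionsBlocks);
    $tpl->assign('already_subscribed_label', $this->getAlreadyRegisterInSessionLabel());

    $contentTemplate = $tpl->get_template('auth/sessions_catalog.tpl');
    $tpl->display($contentTemplate);
}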